Two thirds of the largest businesses in the UK have suffered a cyberattack or data breach within the past twelve months -- and a quarter of those affected experience a breach at least once per month.
Those are some of the concerning figures on cybersecurity which are published in the UK government's Cyber Security Breaches Survey 2016, which analyses the costs and impacts of cyber breaches and attacks at over one thousand businesses.
Despite the survey taking place almost immediately in the wake of the TalkTalk data breacch -- the research was carried out between November 2015 and February 2016 -- the report suggests that many businesses are still failing to take appropriate action on cybersecurity.
Perhaps owing to the number of employees, it's large organisations which have most regularly experienced a cybersecurity failing within the last 12 months, with 65 percent admitting that they'd suffered a breach, according to the report.
The proportion of businesses that have suffered a breach declines as the organisation gets smaller: 51 percent of medium firms said they'd been the victim of an attack, compared to 33 percent of small firms, while just 17 percent of micro firms say they'd suffered a data breach. This could be because smaller firms are less attractive targets to hackers, or perhaps because they lack the skills to recognise a breach has taken place.
Of those businesses which have suffered a data breach, half said that the incident had been a one-off. But for a quarter of those affected, the attacks are more frequent, at least once a month. These recurring incidents could be caused by persistent attacks, poor cybersecurity strategy, or a combination of both.
According to the report, by far the most common reason for suffering a data breach is via virus, spyware, or malware, with just over two thirds of those affected stating that they'd suffered a cyberattack of this kind. Meanwhile, hackers impersonating members of the organisation is the second most common reason for organisations to suffer a data breach, with a third of firms revealing they'd been attacked in this way.
The Cyber Security Breaches Survey 2016 is designed to be the first instalment of an annual report, with the government working alongside Ipsos Mori and the University of Portsmouth to compile the required data.
The report notes that "currently most cybersecurity breaches are not reported at all", which could mean the government does not have an accurate picture of the country's cybersecurity landscape.
This research comes shortly after Chris Gibson, director of UK's national Computer Emergency Response Team (CERT-UK), warned that many organisations are susceptible to hackers because they're failing to enact even the most basic cybersecurity practices.